package com.foreveross.project.usercenterserver.security.config;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.ApplicationContext;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer;
import org.springframework.security.oauth2.provider.error.OAuth2AuthenticationEntryPoint;
import org.springframework.security.oauth2.provider.expression.OAuth2WebSecurityExpressionHandler;
import org.springframework.security.web.AuthenticationEntryPoint;

@Configuration
@EnableResourceServer
@EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true, jsr250Enabled = true)
public class ResourceServerConfiguration extends ResourceServerConfigurerAdapter {
    /**
     * 用户中心也是资源
     */

    public void configure(HttpSecurity http) throws Exception {
        http
                .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED)
                .and()
                .authorizeRequests().mvcMatchers("/favicon.ico", "/signIn", "/signUp", "/security_check", "/404", "/captcha/**", "/user/me").permitAll()
                .mvcMatchers("/oauth/signUp").permitAll()
                .and()
                .authorizeRequests()
                .antMatchers("/**").access("@rbacauthorityservice.hasPermission(request,authentication)");

    }

    @Autowired
    private OAuth2WebSecurityExpressionHandler expressionHandler;
    @Bean
    public OAuth2WebSecurityExpressionHandler oAuth2WebSecurityExpressionHandler(ApplicationContext applicationContext) {
        OAuth2WebSecurityExpressionHandler expressionHandler = new OAuth2WebSecurityExpressionHandler();
        expressionHandler.setApplicationContext(applicationContext);
        return expressionHandler;
    }
    @Override
    public void configure(ResourceServerSecurityConfigurer resources) throws Exception {
        AuthenticationEntryPoint authenticationEntryPoint = new OAuth2AuthenticationEntryPoint();
        ((OAuth2AuthenticationEntryPoint) authenticationEntryPoint).setExceptionTranslator(new CustomWebResponseExceptionTranslator());
        resources.expressionHandler(expressionHandler);
        resources.authenticationEntryPoint(authenticationEntryPoint);
    }

   // @Override
 //   public void configure(HttpSecurity http) throws Exception {
//        http
//                .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and()
//                .authorizeRequests().antMatchers("/api/v1/login", "/api/v1/sign", "/error/**").permitAll()
//                .anyRequest()
//                .access("@rbacauthorityservice.hasPermission(request,authentication)")
//                .anyRequest().authenticated()
//                .and()
//                .formLogin().permitAll();
//        http
//                .exceptionHandling()
//                .and()
//                .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
//                .and()
//                .authorizeRequests()
//                .antMatchers("/oauth2/tenant").access()
//                //hasAuthority("@rbacauthorityservice.hasPermission(request,authentication)");
////                .antMatchers("/view/**").hasAuthority("ROLE_SUPER")
////                .antMatchers("/insert/**").hasAuthority("ROLE_SUPER")
////                .antMatchers("/update/**").hasAuthority("ROLE_SUPER")
////                .antMatchers("/delete/**").hasAuthority("ROLE_SUPER");

 //   }

}
